Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/5Gb6hc8c6e_T0jp-7tOhv1aSnbs.roa
File:                     5Gb6hc8c6e_T0jp-7tOhv1aSnbs.roa (raw, json)
Hash identifier:          GMcY+Vcxtv+yuahYv7nXQxaJEt+vN0M89l4WY2L+IN0=
Subject key identifier:   E4:66:FA:85:CF:1C:E9:EF:D3:D2:3A:7E:EE:D3:A1:BF:56:92:9D:BB
Certificate issuer:       /CN=45effe98c24c3d6d6087c8d1d3f901b8ccd40088
Certificate serial:       019748C5959CB984DF4267E58DF76F70CBCF
Authority key identifier: 45:EF:FE:98:C2:4C:3D:6D:60:87:C8:D1:D3:F9:01:B8:CC:D4:00:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Re_-mMJMPW1gh8jR0_kBuMzUAIg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/5Gb6hc8c6e_T0jp-7tOhv1aSnbs.roa
Signing time:             Sat 07 Jun 2025 05:03:17 +0000
ROA not before:           Sat 07 Jun 2025 05:03:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197450
IP address blocks:        91.217.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/Re_-mMJMPW1gh8jR0_kBuMzUAIg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/Re_-mMJMPW1gh8jR0_kBuMzUAIg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Re_-mMJMPW1gh8jR0_kBuMzUAIg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 19:25:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:48:c5:95:9c:b9:84:df:42:67:e5:8d:f7:6f:70:cb:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45effe98c24c3d6d6087c8d1d3f901b8ccd40088
        Validity
            Not Before: Jun  7 05:03:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e466fa85cf1ce9efd3d23a7eeed3a1bf56929dbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:a4:00:f3:00:3c:8a:ee:39:aa:bf:3f:8e:23:
                    60:b9:4c:98:aa:fc:fb:71:1e:ce:e5:1b:77:27:a6:
                    a5:0e:4f:4c:49:bb:a5:6d:f3:bb:68:c1:0c:5e:25:
                    96:09:81:cb:3a:8a:f4:c1:ef:4a:32:99:cc:a1:eb:
                    b3:91:5d:84:78:02:3c:45:06:ab:9e:43:87:11:f0:
                    a1:db:45:5c:d9:b8:e6:dd:ee:db:12:17:67:b5:b6:
                    81:04:fb:39:56:a6:df:28:55:73:6e:c1:af:54:e5:
                    ec:c9:c8:6b:63:a4:3d:2e:d8:d4:5c:83:00:60:b7:
                    87:1a:6b:43:20:9b:39:a8:b3:f3:bb:64:46:2e:05:
                    cd:3d:32:00:85:c9:41:f1:e5:54:7c:b0:64:76:21:
                    dc:ff:de:00:be:12:f8:c2:78:41:82:0f:c0:9f:fc:
                    4c:84:c8:bc:b0:ae:aa:1d:35:32:34:53:83:6d:a0:
                    a4:91:ef:37:3c:03:15:15:42:9d:f4:35:0b:87:54:
                    9b:0a:0d:07:8e:10:f2:cd:e2:93:a6:1f:c6:79:d1:
                    0f:73:29:7b:d0:20:12:ca:47:a7:2b:03:9d:7d:e5:
                    e7:c2:5b:24:cb:ca:20:d2:0a:d5:ac:e8:f1:14:bd:
                    25:78:ad:8e:7f:67:75:50:c0:54:ec:73:6a:77:ec:
                    32:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:66:FA:85:CF:1C:E9:EF:D3:D2:3A:7E:EE:D3:A1:BF:56:92:9D:BB
            X509v3 Authority Key Identifier:
                keyid:45:EF:FE:98:C2:4C:3D:6D:60:87:C8:D1:D3:F9:01:B8:CC:D4:00:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Re_-mMJMPW1gh8jR0_kBuMzUAIg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/5Gb6hc8c6e_T0jp-7tOhv1aSnbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/Re_-mMJMPW1gh8jR0_kBuMzUAIg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:d4:a1:d1:26:c6:ca:93:b4:fc:48:9e:c9:80:9b:45:3b:09:
         ff:96:62:dd:67:da:df:27:04:d2:9c:c7:b5:42:4d:4c:0b:96:
         ac:f1:5c:40:1b:aa:f6:69:1b:69:70:11:31:72:b2:d4:3b:92:
         0b:f0:a2:7a:ec:cb:24:6f:f1:f7:0a:72:97:1b:c0:89:be:b0:
         f9:12:f6:b8:eb:7f:41:25:2b:8c:57:0d:11:ac:36:07:66:47:
         4b:ab:c6:a4:67:6b:54:fe:98:54:77:f7:56:e5:d2:e2:fa:c0:
         a5:12:f4:0b:29:11:df:ba:1c:ed:7a:4d:ba:80:ed:48:ed:e0:
         ba:76:c4:cf:06:63:e6:25:55:3d:d6:42:b7:99:52:2e:7a:b2:
         34:b8:6e:82:6a:aa:60:1d:15:33:8c:92:a3:3e:30:d2:c2:df:
         6a:08:30:a5:ef:f3:28:ba:f3:b5:ec:ef:88:48:f3:33:43:4c:
         10:6d:de:f9:fe:15:ab:0d:5d:94:e6:f2:f6:9e:21:2b:7f:92:
         3d:61:a4:e4:67:87:9f:6a:41:d2:6b:eb:db:6f:5b:fb:14:d1:
         1a:54:50:66:b7:41:8e:b9:ca:1a:83:63:fb:63:e1:12:7c:fa:
         b3:cf:bb:64:9e:49:90:5a:4a:2c:01:b5:54:5b:49:b6:6d:c3:
         ce:47:9a:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdIxZWcuYTfQmfljfdvcMvPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ZWZmZTk4YzI0YzNkNmQ2MDg3YzhkMWQzZjkwMWI4Y2Nk
NDAwODgwHhcNMjUwNjA3MDUwMzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDY2ZmE4NWNmMWNlOWVmZDNkMjNhN2VlZWQzYTFiZjU2OTI5ZGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyaQA8wA8iu45qr8/jiNguUyYqvz7
cR7O5Rt3J6alDk9MSbulbfO7aMEMXiWWCYHLOor0we9KMpnMoeuzkV2EeAI8RQar
nkOHEfCh20Vc2bjm3e7bEhdntbaBBPs5VqbfKFVzbsGvVOXsychrY6Q9LtjUXIMA
YLeHGmtDIJs5qLPzu2RGLgXNPTIAhclB8eVUfLBkdiHc/94AvhL4wnhBgg/An/xM
hMi8sK6qHTUyNFODbaCkke83PAMVFUKd9DULh1SbCg0HjhDyzeKTph/GedEPcyl7
0CASykenKwOdfeXnwlsky8og0grVrOjxFL0leK2Of2d1UMBU7HNqd+wyowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFORm+oXPHOnv09I6fu7Tob9Wkp27MB8GA1UdIwQY
MBaAFEXv/pjCTD1tYIfI0dP5AbjM1ACIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmVfLW1NSk1QVzFnaDhqUjBfa0J1TXpVQUlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8xZTRhNjQtN2FhMC00Yzk0LTliYjAt
ZGViN2I5MTg5MTY5LzEvNUdiNmhjOGM2ZV9UMGpwLTd0T2h2MWFTbmJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8xZTRhNjQtN2FhMC00Yzk0LTliYjAtZGViN2I5MTg5MTY5
LzEvUmVfLW1NSk1QVzFnaDhqUjBfa0J1TXpVQUlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9mVMA0G
CSqGSIb3DQEBCwUAA4IBAQCT1KHRJsbKk7T8SJ7JgJtFOwn/lmLdZ9rfJwTSnMe1
Qk1MC5as8VxAG6r2aRtpcBExcrLUO5IL8KJ67Mskb/H3CnKXG8CJvrD5Eva4639B
JSuMVw0RrDYHZkdLq8akZ2tU/phUd/dW5dLi+sClEvQLKRHfuhztek26gO1I7eC6
dsTPBmPmJVU91kK3mVIuerI0uG6CaqpgHRUzjJKjPjDSwt9qCDCl7/MouvO17O+I
SPMzQ0wQbd75/hWrDV2U5vL2niErf5I9YaTkZ4efakHSa+vbb1v7FNEaVFBmt0GO
ucoag2P7Y+ESfPqzz7tknkmQWkosAbVUW0m2bcPOR5qa
-----END CERTIFICATE-----